source: http://www.securityfocus.com/bid/5198/info
A vulnerability has been reported for GoAhead WebServer 2.1. Reportedly, it is possible for attackers to launch cross site scripting attacks against vulnerable systems.
GoAhead WebServer includes unsanitized requested URLs when displaying a 404 error page. An attacker may be able to trick a user into following a link which includes malicious script code, and executing the attack.
GoAhead-server/SCRIPTalert(document.domain)/SCRIPT